• 한국IT서비스학회지
• /
• 제12권1호
• /
• pp.163-171
• /
• 2013

As the kind of IT service on the internet is more and more diversifying and increasing, IT service's adverse effects also consistently occurring. Among them the incident of private information exposure is becoming social issues, especially the exposure of private information entered on-line resume is very serious. This paper investigates whether or not data is encrypted in data transfer section of major on-line job-search sites of Korea by using the packet analyzer such as "Wireshark." This paper judges whether or not the vulnerability, private information exposure, exists from the result of the investigation above and suggests countermeasures.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권5호
• /
• pp.2394-2406
• /
• 2016

ABE has become an effective tool for data protection in cloud computing. However, since users possessing the same attributes share the same private keys, there exist some malicious users exposing their private keys deliberately for illegal data sharing without being detected, which will threaten the security of the cloud system. Such issues remain in many current ABE schemes since the private keys are rarely associated with any user specific identifiers. In order to achieve user accountability as well as provide key exposure protection, in this paper, we propose a key-insulated ciphertext policy attribute based encryption with key exposure accountability (KI-CPABE-KEA). In our scheme, data receiver can decrypt the ciphertext if the attributes he owns match with the self-centric policy which is set by the data owner. Besides, a unique identifier is embedded into each user's private key. If a malicious user exposes his private key for illegal data sharing, his identity can be exactly pinpointed by system manager. The key-insulation mechanism guarantees forward and backward security when key exposure happens as well as provides efficient key updating for users in the cloud system. The higher efficiency with proved security make our KI-CPABE-KEA more appropriate for secure data sharing in cloud computing.

• 아동학회지
• /
• 제37권6호
• /
• pp.119-132
• /
• 2016

Objective: The purpose of this study was to analyze the operation and personal information management of public and private kindergarten homepages. Methods: A total of 2,846 kindergartens were selected from the I-Sarang portal service for analyzing operation, and 217 self-operating homepages were selected for evaluating management. Seven evaluation items from three domains (information gathering procedures and scope, information security, and management of file exposure protection) were used. Wireshark and Google were used for analyzing some evaluation items. Results: The operating ratio of kindergarten homepages was low and most of the kindergartens self-operated their homepages. The evaluation of the information gathering procedures and scope showed that the rule of consent process was not rigidly followed but that the rule of legality for information gathering was followed. Items related to information security were followed at very low levels. As for the management of file exposure protection, the evaluation of items related to the prevention of attachment disclosure showed that the rule of protecting personal information included in an attached file was followed but that the notice regarding information protection was not. Across all evaluation items, the level of personal information management was higher in public (vs. private) kindergartens. Conclusion: These results indicate methods to more securely and effectively manage personal information on kindergarten homepages.

• 한국정보전자통신기술학회논문지
• /
• 제4권3호
• /
• pp.217-224
• /
• 2011

본 논문에서는 동적 데이터베이스 환경에서 발생할 수 있는 개인 정보 노출 문제를 해결할 수 있는 동적 데이터 보호 기법(Dynamic Data Protection Technique)을 제안하였다. 본 논문에서 제안한 DDPT은 다중 속성 일반화 알고리즘을 이용해 MAG(Multi-Attribute Generalization) 규칙을 생성하고, 그 MAG 규칙에 따라 k-anonymity를 만족하는 EC(Equivalence Class)를 생성한다. 그리고 데이터 변경 시 MAG 규칙에 따라 EC를 재구성 하도록 하여, EC의 변경으로 인한 식별 노출을 방지할 수 있다. 또한, ${\ell}$-diversity를 만족하는 EC의 정보손실 정도를 측정하고, 임계치 이하의 EC를 선정해서 데이터의 정확성을 유지함으로써 개인 정보 보호를 향상시켰다.

• Journal of Information Science Theory and Practice
• /
• 제10권2호
• /
• pp.86-101
• /
• 2022

This research aimed at studying the factors that influence new media exposure of political news by youths in Isan society in Thailand. The target group comprised 1,200 individuals, obtained from multi-stage sampling from undergraduate students in Isan's autonomous universities, governmental universities, and private institutions. The data collection tool was a questionnaire, the content of which was validated by experts. The reliability of the tool was tested by the formula for Cronbach's alpha coefficient, which yielded a reliability of 0.83. Multiple regression analysis was applied to analyze the data. The results, regarding factors influencing the channels for political news exposure, showed that channels for political news exposure were mostly influenced by inner drives, followed by importance in political news exposure, influence from social networks, and specific characteristics of the Internet. This could explain the variation of channels for political news exposure at 46.5%. In terms of factors influencing political news selection, it was found that political news selection was influenced mostly from social networks, followed by inner drives, benefits from political news exposure, specific characteristics of the Internet, and the field of study. The variation of the political news selection could be explained at 44.6%. These results elaborate on the current situation in Thailand, especially in Isan region, where youths in higher education are playing an increasing role in demonstrating their political stance through various political activities.

• 디지털산업정보학회논문지
• /
• 제14권3호
• /
• pp.45-53
• /
• 2018

The Personal Information Protection Act has been revised continuously since its establishment, and as a way to secure stability properly, the guidelines as well as enforcement ordinances and regulations have been changed, too. It seems that people's recognition and awareness of private information have already evolved to a certain level that is regarded to be fairly high. However, no one can exactly imagine how much ripple effect scrapping discarded paper regarded simply as waste material which is often and easily practiced in our everyday lives exerts and how many socially significant events it may arouse in our lives. Private information is produced, operated, preserved, utilized, distributed within the frame of law unidentified, and then discarded with a particular purpose. While going through a series of processes, each piece of that private information comes to be reproduced melting a lot of information. It is used and also changed beneficially sometimes to richen our lives or as basic material for welfare. Meanwhile, its importance is decided by its weight or mass and then often gets discarded after all. It means that the process of disuse is being done in a way to arouse the possibility of invasion of personal rights and also the second and third and also more exposure of private information. Therefore, approaching the meaning of automation politically, this study aims to suggest how to secure stability in the process of discarding private information in terms of logical automation.

• 한국콘텐츠학회논문지
• /
• 제21권4호
• /
• pp.1-13
• /
• 2021

코로나19에 대한 전세계적 팬데믹이 진행되고 있는 상황에서 잘못된 정보가 대중에게 노출되었을 경우 발생할 수 있는 잠재적인 문제에 대한 우려와 함께 현재 주요 앱 마켓에서 민간 애플리케이션에 대한 차단 조치도 단행되고 있다. 그러나 감염병 상황에서 중앙집중식의 일방적인 정보 전달보다 대중이 스스로 정보를 공유하는 것이 효과적인 측면도 동시에 존재한다. 본 연구는 텍스트마이닝을 이용해 감염병 상황에서 민간 주도의 정보제공에 대한 이용자 반응을 분석한다. 이를 위해 정부와 민간이 현재 한국의 구글 플레이스토어에서 제공하고 있는 모든 코로나19 애플리케이션에 대한 이용자들의 반응에 대한 토픽 모델링과 감성분석을 실시한다. 분석 결과, 이용자들은 정보의 신뢰성, 위험회피, 실시간성, 유용성, 안정성 등 모든 차원에서 정부 대비 민간 애플리케이션에 대해 더 긍정적인 반응을 보이는 것으로 분석되었다. 분석 결과를 바탕으로 민간 애플리케이션에 대한 일방적인 차단이 아닌, 사후적인 모니터링 시스템을 도입하는 방안 등을 제안한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권4호
• /
• pp.1832-1853
• /
• 2018

The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.

• 한국정보통신학회논문지
• /
• 제20권6호
• /
• pp.1109-1122
• /
• 2016

무인증서 공개키 암호(Certificateless Public Key Encryption scheme)는 사용자 ID를 공개키로 사용함으로써 공개키 암호 시스템의 인증서 관리 문제를 해결하고 ID기반 암호 기법의 키 위탁(key escrow) 문제를 해결할 수 있는 기술이다. 이에 대한 연구가 활발히 진행되었음에도 불구하고, 기존의 여러 무인증서 암호 기법들은 사용자가 선택한 비밀값과 복호화 키 노출 공격에 대한 안전성을 고려하지 않고 설계되었다. 비밀값과 복호화 키 노출 공격이란 한 번이라도 공개키가 교체된 이후 이전에 사용했던 비밀값과 복호화 키가 노출된다면 그로부터 ID에 대응하는 부분 개인키를 획득해 현재의 정당한 복호화 키를 연산할 수 있는 공격이다. 본 논문에서는 키 노출 공격에 대해 안전한 새로운 안전성 모델을 제안하고, 해당 안전성 모델에서 기존의 무인증서 공개키 암호 기법들이 안전하지 않음을 보인다. 또한, 제안한 모델에서 안전한 새로운 무인증서 공개키 암호 기법을 제시하고, DBDH(Decision Bilinear Diffie-Hellman) 가정을 기반으로 안전성을 증명한다.

• 정보보호학회논문지
• /
• 제19권3호
• /
• pp.119-131
• /
• 2009

세계적으로 통용되고 있는 키 교환 프로토콜은 TLS/SSL 등의 공개된 암호 통신프로토콜인 반면에 국내 금융권에서는 공인인증과 더불어 금융권에 적합한 공개키 기반 구조(PKI: Public Key Infrastructure)를 이용한 키 교환 프로토콜을 민간 주도로 개발하여 사용하고 있다. 하지만 금융권에서 사용하고 있는 키 교환 프로토콜은 클라이언트 위장공격(client impersonation attack)과 기지 키 공격(known-key attack)에 취약하며, 전방향 안전성 (forward secrecy)을 제공하지 않는다. 특히, 암호문과 서버 측 개인키(예: RSA 개인키)만 있으면 쉽게 과거의 세션키(session-key)를 알아내 암호화된 메시지를 복호화 할 수 있기 때문에, 만약 내부 관리 등의 문제로 인해 금융보안 서버의 개인키 유출 시 막대한 개인정보와 금융정보가 노출될 우려가 있다. 본 논문에서는 금융권에 사용 중인 암호 통신 프로토콜의 취약점을 분석하고, 국내 환경에 적합하도록 프로토콜 교체 비용을 최소화하면서 클라이언트 위장 공격과 세션키 노출 및 개인키 유출 사고에도 안전한 두 개의 키 교환 프로토콜을 제안한다. 또한 제안하는 두 번째 프로토콜이 HDH(Hash Diffie-Hellman) 문제가 어렵다는 가정 하에 증명 가능한 전방향 안전성을 제공함을 보인다.